That will be a lot of companies considering pretty much every big company uses salesforce.
Potentially, everyone that happens to share an instance with an org that has ever used Pardot is affected.
Every org on an instance that had an org that used Pardot (huge percentage) had a service outage today.
The security breach was limited to the actual orgs (much smaller percentage) that have actually enabled Pardot in the past.
So, many (I’d guess half) of Salesforce's customers were affected with an outage, but a much smaller percentage also had a possible data breach.
> "‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Based upon this definition just allowing the access is a breach.
It would absolutely be considered a breach if customer data was accessible by non-authorized staff, more so if by partners.
Presumably most users already have an NDA signed? Doesn't that cover PII?
I find it concerning that it was even possible for this to happen, regardless of whether it was intentional.
I feel terrible for whoever initiated this. I’ve been in that boat and it -really- sucks.
"Ah yeah - it got in a bad state somehow, let me fix it manually"
UPDATE permissions SET allow = 1 WHERE user=671156 AND permission=16 AND org=101 OR 102;
* Change your account to readonly. Make a new admin account, and put its credentials somewhere hard to get (and audited!).
* Make a directory in git for 'one off sql statements'. Make them all go through code review and have an automated system run them on merge/deploy.
* Enforce style rules with a linter/test, like "UPDATE must have a LIMIT"
* Anything the above process is too burdensome to do should have an API or admin interface built for the purpose.
* Aim to eventually get rid of your readonly account. A leaked customer data dump could kill the company and shouldn't be available to any malware on your machine. You aren't as secure as you think you are.
Do we have any example of any company going under due to a data breach? Unfortunately, there seem to be a lot of examples of enormous breaches that did essentially nothing. (like Experian)
COMMIT; or ROLLBACK
I always recommend that you are wrapping calls in transactions if you are touching prod data. I only left the WHERE clause of my update query off once in my life before I started doing that.
SELECT for verification
And then just change ROLLBACK to COMMIT, after you're satisfied. There's no need to do it interactively.
As someone who has never had access to a DB with any serious number of users, can you explain this one further? What if you really do want to update every row? Do you just do LIMIT INT_MAX or the like, and just force people to write that so that they always know they're updating the entire table? Or are you saying you should only ever use UPDATE on a known finite (and small?) number of rows?
Basically, if your table is over a few gigabytes, updating every row in one query on a production instance is a really bad plan.
(user=671156 AND permission=16 AND org=101) OR 102
org IN (101, 102)
It is often worth running a SELECT on the WHERE clause you are about to use for your UPDATE. That way you can make sure only a limited amount of data comes back before you launch something catastrophic.
It should be
UPDATE permissions SET allow = 1 WHERE user=671156 AND permission=16 AND org=101 OR org=102;
(user=671156 AND permission=16 AND org=101) OR (org=102)
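The two points raised in the comments above (the AND/OR precedence trap in the one-off UPDATE, and the advice to SELECT first and wrap the change in a transaction) put together as an added, runnable illustration. This is not code from the thread or from Salesforce; the permissions table, the sample rows and the helper names are constructed for the example, and sqlite3 stands in for whatever database the original incident involved.

```python
import sqlite3

# Constructed sample rows (user, permission, org, allow); not real data.
SAMPLE_ROWS = [
    (671156, 16, 101, 0),
    (671156, 16, 102, 0),
    (671156, 16, 103, 0),
    (999001, 16, 101, 0),
    (999002, 7, 102, 0),
]

# As written in the thread: parses as (user=... AND permission=... AND org=101) OR 102,
# and the bare literal 102 is always true, so every row matches.
BUGGY_WHERE = "user=671156 AND permission=16 AND org=101 OR 102"
# What was intended: the one user/permission pair, for exactly two orgs.
INTENDED_WHERE = "user=671156 AND permission=16 AND org IN (101, 102)"


def fresh_db():
    # isolation_level=None gives autocommit, so BEGIN/COMMIT/ROLLBACK are fully manual.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE permissions (user INTEGER, permission INTEGER, org INTEGER, allow INTEGER)")
    conn.executemany("INSERT INTO permissions VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def rows_allowed(conn):
    return conn.execute("SELECT COUNT(*) FROM permissions WHERE allow = 1").fetchone()[0]


def unguarded_update(conn, where_clause):
    # The "just fix it manually" path: no SELECT first, no transaction. Returns rows changed.
    return conn.execute(f"UPDATE permissions SET allow = 1 WHERE {where_clause}").rowcount


def guarded_update(conn, where_clause, max_rows):
    # The pattern recommended in the thread: SELECT on the WHERE clause first,
    # refuse if it matches more rows than expected, then UPDATE inside a transaction
    # and ROLLBACK if the row count differs from what the SELECT promised.
    matched = conn.execute(f"SELECT COUNT(*) FROM permissions WHERE {where_clause}").fetchone()[0]
    if matched > max_rows:
        return False, matched
    conn.execute("BEGIN")
    changed = conn.execute(f"UPDATE permissions SET allow = 1 WHERE {where_clause}").rowcount
    if changed != matched:
        conn.execute("ROLLBACK")
        return False, changed
    conn.execute("COMMIT")
    return True, changed
```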
Also incorrect, they have great cloud and devops practices. If anything it's likely this bug's impact would be limited due to how decentralised SFDC operates.
Still a massive fuck-up, I'm interested in seeing if they'll release any more detail on why it happened.
Impossible to run locally.
Virtually impossible to put an entire org in source control.
No package manager.
More undefined behavior than a C compiler.
whaaaaaaaaaaaaaaaaat hahahaha i can't take that seriously; I've used it and it felt like a giant pit of despair
they do own heroku
SFDC hate is pretty common, maybe because of how big they are. I think that their tech is actually pretty impressive.
Like seriously I would rather lick alcohol soaked razor blades than do a standard annual renewal of a Salesforce contract.
That's the advantage of decentralized architecture. It's a disadvantage too though ...
Our product syncs data to Salesforce - we're seeing hit and miss connectivity across our customers' instances. Some API calls are still working, I'm unable to sign in to a developer instance in NA49.
We woke up to a bunch of users unable to do their jobs because they suddenly started receiving "NO ACCESS" errors, effectively. We also haven't been able to modify the profiles and fix the access effectively.
This issue did not open access to other companies’ data. Just all the data in their own Org.
So if a sales person at Company B happens to be a Customer at Company A...
It's difficult to say. Exporting data in bulk isn't totally straightforward for your average user, and I'm not sure how long total CRUD access was granted. That being said, given that full access was granted, it's not impossible to imagine someone creating a report and doing a dump of customer data.
Though typically that may fall under NDA and not non-compete. NDAs are a little easier to enforce as far as I understand, but I'm not a lawyer.
It'll be 0 - it's more about the possible breach of PHI/HIPAA violations
Still bad if the latter, but catastrophic if the former
Not really what you want with something like this... but the folks holding the keys to a site like that are often never around / fast enough to make those sites helpful.
Still, epic screw-up.
Our SF instance is accessible, but no permissions on login.
Just got an update from our admin, no ETA.
Moving off Salesforce is a many month project for a small company and possibly years for a larger company depending on the add-ons and everything.
Doubt they lose any real customers over this but they’re definitely going to be cutting some checks/credits to a ton of people for the next few months but it’ll fade.